Updates from: 04/20/2022 01:33:32
Service Microsoft Docs article Related commit history on GitHub Change details
SharePoint Authentication Context Example https://github.com/MicrosoftDocs/OfficeDocs-SharePoint/commits/public/SharePoint/SharePointOnline/authentication-context-example.md
To create a conditional access policy
Next, update a sensitivity label (or create a new one) to use the authentication context. To update a sensitivity label
-1. In the [Microsoft 365 compliance center](https://compliance.microsoft.com/informationprotection), on the **Information protection** tab, click the label that you want to update and then click **Edit label**.
+1. In the [Microsoft Purview compliance portal](https://compliance.microsoft.com/informationprotection), on the **Information protection** tab, click the label that you want to update and then click **Edit label**.
2. Click **Next** until you are on the **Define protection settings for groups and sites** page.
SharePoint Change Your Sharepoint Domain Name https://github.com/MicrosoftDocs/OfficeDocs-SharePoint/commits/public/SharePoint/SharePointOnline/change-your-sharepoint-domain-name.md
If your organization has gone through a rebranding, merger, or acquisition and n
| Custom apps and Group Policy objects | Absolute URLs embedded in these apps and objects aren't changed. | Edit custom apps and Active Directory Group Policy objects that contain absolute URLs and if necessary, change the URLs to the new domain name. Confirm with third-party app publishers that apps don't contain absolute URLs. | | Custom and third-party apps | Some apps might not process the HTTP 308 direct correctly. | Edit custom apps and work with third-party app publishers to ensure that they handle HTTP 308 responses correctly. | | Delve | It can take 24 hours before People profiles can be viewed. | None |
-| eDiscovery | Holds can't be removed until you update the URLs. | In the Compliance center, change the eDiscovery hold URLs to the new domain name. |
+| eDiscovery | Holds can't be removed until you update the URLs. | In the Microsoft Purview compliance portal, change the eDiscovery hold URLs to the new domain name. |
| InfoPath forms | Forms that use a SharePoint connection as a data source won't work. | Reconnect these forms to SharePoint. | | Office apps | While the domain name is being changed, users might experience an error when saving Word, Excel, and PowerPoint documents that are located in a site or OneDrive. | Attempt to save the document again and if necessary change the URL of the save location. | | OneDrive | The Quick access links in a OneDrive won't work. | None |
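Review bot: The unchanged "Custom and third-party apps" row next to the edited eDiscovery row reads "Some apps might not process the HTTP 308 direct correctly", where "direct" looks like a typo for "redirect". Since this table is being touched anyway, fix it in the same change so the impact column matches the action column, which already says "handle HTTP 308 responses correctly".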
SharePoint Create B2b Extranet https://github.com/MicrosoftDocs/OfficeDocs-SharePoint/commits/public/SharePoint/SharePointOnline/create-b2b-extranet.md
Depending on your collaboration needs, you can include Microsoft 365 groups or M
**Auditing and reporting**. Microsoft 365 B2B extranet offers visibility into the access of your content by external partner users. One of the key IT benefits is to be able to audit usage, including being able to see who is inviting whom and when a guest logs in to access the content. See [Search the audit log in the Security & Compliance Center](/microsoft-365/compliance/search-the-audit-log-in-security-and-compliance) for more information.
- **Security and governance**. Microsoft 365 features such as [data loss prevention](/microsoft-365/compliance/data-loss-prevention-policies) and [Microsoft Cloud App Security](/cloud-app-security/what-is-cloud-app-security) provide a robust feature set to help you create a secure guest sharing environment.
+ **Security and governance**. Microsoft 365 features such as [Microsoft Purview data loss prevention](/microsoft-365/compliance/dlp-learn-about-dlp) and [Microsoft Cloud App Security](/cloud-app-security/what-is-cloud-app-security) provide a robust feature set to help you create a secure guest sharing environment.
## Compare Microsoft 365 extranet with a traditional SharePoint on-premises extranet
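Review bot: The rename is incomplete in this hunk: the **Auditing and reporting** paragraph directly above the edited line still links with the text "Search the audit log in the Security & Compliance Center", while other articles in this batch now call the same destination the Microsoft Purview compliance portal. Update that link text in the same pass so an admin looking for guest sign-in and invitation audit events is sent to a portal name that matches the current UI.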
SharePoint Deploy File Collaboration https://github.com/MicrosoftDocs/OfficeDocs-SharePoint/commits/public/SharePoint/SharePointOnline/deploy-file-collaboration.md
Creating a *People in your organization* link does not cause the file or folder
### Classify and protect information
-Data loss prevention in Microsoft 365 provides a way to classify your teams, groups, sites, and documents, and to create a series of conditions, actions, and exceptions to govern how they're used and shared.
+Microsoft Purview data loss prevention provides a way to classify your teams, groups, sites, and documents, and to create a series of conditions, actions, and exceptions to govern how they're used and shared.
By classifying your information and creating governance rules around them, you can create a collaboration environment where users can easily work with each other without accidentally or intentionally sharing sensitive information inappropriately. With data loss prevention policies in place, you can be relatively liberal with your sharing settings for a given site and rely on data loss prevention to enforce your governance requirements. This provides a friendlier user experience and avoids unnecessary restrictions that users might try to work around.
-For detailed information about data loss prevention, see [Overview of data loss prevention](/office365/securitycompliance/data-loss-prevention-policies).
+For detailed information about data loss prevention, see [Learn about data loss prevention](/microsoft-365/compliance/dlp-learn-about-dlp).
**Sensitivity labels**
SharePoint Deprecation Of Site Mailboxes https://github.com/MicrosoftDocs/OfficeDocs-SharePoint/commits/public/SharePoint/SharePointOnline/deprecation-of-site-mailboxes.md
Get-SiteMailbox -BypassOwnerCheck -ResultSize unlimited | ft Name, Owners
## Export site mailboxes through PST (Manually)
-You must have [Microsoft 365 admin permissions](/microsoft-365/admin/add-users/assign-admin-roles) to access the [Microsoft 365 compliance center](/microsoft-365/compliance/microsoft-365-compliance-center).
+You must have [Microsoft 365 admin permissions](/microsoft-365/admin/add-users/assign-admin-roles) to access the [Microsoft Purview compliance portal](/microsoft-365/compliance/microsoft-365-compliance-center).
For more information, see [Permissions and sharing](./modern-experience-sharing-permissions.md). 1. Go to [https://compliance.microsoft.com/](https://compliance.microsoft.com/) and sign in with an account that has [admin permissions](./sharepoint-admin-role.md) for your organization.
-2. In the Microsoft 365 compliance center Home page, navigate to **Show all** > **eDiscovery** > **Core**.
+2. In the Microsoft Purview compliance portal Home page, navigate to **Show all** > **eDiscovery** > **Core**.
The **Core eDiscovery** page is displayed.
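Review bot: In the permissions sentence, the link text becomes "Microsoft Purview compliance portal" but the target stays `/microsoft-365/compliance/microsoft-365-compliance-center`. Confirm the target article has been retitled or redirected; otherwise the reader clicks a Purview link and lands on a page with the old name. The same check applies to step 2, where the navigation path **Show all** > **eDiscovery** > **Core** is kept as is and should be verified against the renamed portal.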
SharePoint Information Barriers Compliance Assistant https://github.com/MicrosoftDocs/OfficeDocs-SharePoint/commits/public/SharePoint/SharePointOnline/information-barriers-compliance-assistant.md
To verify that a new application was properly created in your organization's ent
8. In this example, the **M365-Group-Compliance-Assistant** is authorized to add/remove non-compliant information barrier users from your Microsoft 365 groups.
-You can use the [Microsoft 365 compliance center](/microsoft-365/compliance/search-the-audit-log-in-security-and-compliance) to search, review, and track audit log events for the M365-Group-Compliance-Assistant application. The audit activities associated with the compliance assistant are:
+You can use the [Microsoft Purview compliance portal](/microsoft-365/compliance/search-the-audit-log-in-security-and-compliance) to search, review, and track audit log events for the M365-Group-Compliance-Assistant application. The audit activities associated with the compliance assistant are:
- **IB assistant removed group member**: The IB non-compliant group member was removed from the group by the compliance assistant. - **IB assistant removed group owner**: The IB non-compliant owner was removed from the group by the compliance assistant.
SharePoint Information Barriers https://github.com/MicrosoftDocs/OfficeDocs-SharePoint/commits/public/SharePoint/SharePointOnline/information-barriers.md
search.appverid:
# Use information barriers with SharePoint
-[Information barriers](/microsoft-365/compliance/information-barriers) are policies in Microsoft 365 that a compliance admin can configure to prevent users from communicating and collaborating with each other. This solution is useful if, for example, one division is handling information that shouldn't be shared with specific other divisions, or a division needs to be prevented, or isolated, from collaborating with all users outside of the division. Information barriers are often used in highly regulated industries and those organizations with compliance requirements, such as finance, legal, and government.
+[Microsoft Purview Information Barriers](/microsoft-365/compliance/information-barriers) are policies in Microsoft 365 that a compliance admin can configure to prevent users from communicating and collaborating with each other. This solution is useful if, for example, one division is handling information that shouldn't be shared with specific other divisions, or a division needs to be prevented, or isolated, from collaborating with all users outside of the division. Information barriers are often used in highly regulated industries and those organizations with compliance requirements, such as finance, legal, and government.
For SharePoint, information barriers can determine and prevent the following kinds of unauthorized collaborations:
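Review bot: Style point on the first sentence of the added paragraph: it now opens with the capitalized product name "Microsoft Purview Information Barriers" used as a plural noun ("are policies"), and then falls back to lowercase "Information barriers are often used" later in the same paragraph and "information barriers can determine" in the next line. Pick one form for the feature name and one for the generic policies, and use them consistently.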
Owner Moderated IB mode can't be set on a site with segments. Remove the segment
## Auditing
-Audit events are available in the Microsoft 365 compliance center to help you monitor information barrier activities. Audit events are logged for the following activities:
+Audit events are available in the Microsoft Purview compliance portal to help you monitor information barrier activities. Audit events are logged for the following activities:
- Enabled information barriers for SharePoint and OneDrive - Applied segment to site
SharePoint Intelligent Internet Overview https://github.com/MicrosoftDocs/OfficeDocs-SharePoint/commits/public/SharePoint/SharePointOnline/intelligent-internet-overview.md
Get familiar with the [intranet lifecycle](https://github.com/MicrosoftDocs/Offi
### 3 - Implement plans and start building
-Start building [the home site](./home-site.md), [hubs](./planning-hub-sites.md), [sites](https://support.microsoft.com/office/plan-your-sharepoint-communication-site-35d9adfe-d5cc-462f-a63a-bae7f2529182), and pages that will make up the framework of your intranet. Consider using information barriers to ensure [confidential content](./information-barriers.md) is seen by the right users or use [audience targeting](https://support.microsoft.com/office/target-content-to-a-specific-audience-on-a-sharepoint-site-68113d1b-be99-4d4c-a61c-73b087f48a81) to target specific content to certain groups of users.
+Start building [the home site](./home-site.md), [hubs](./planning-hub-sites.md), [sites](https://support.microsoft.com/office/plan-your-sharepoint-communication-site-35d9adfe-d5cc-462f-a63a-bae7f2529182), and pages that will make up the framework of your intranet. Consider using Microsoft Purview Information Barriers to ensure [confidential content](./information-barriers.md) is seen by the right users or use [audience targeting](https://support.microsoft.com/office/target-content-to-a-specific-audience-on-a-sharepoint-site-68113d1b-be99-4d4c-a61c-73b087f48a81) to target specific content to certain groups of users.
- Get feedback from stakeholders and users along the way - Test site architecture with real users
SharePoint Intro To File Collaboration https://github.com/MicrosoftDocs/OfficeDocs-SharePoint/commits/public/SharePoint/SharePointOnline/intro-to-file-collaboration.md
When users keep files on their local device or on a network share, they're out o
Files stored in SharePoint-powered storage locations in Microsoft 365 are [encrypted in transit and in rest](/microsoft-365/compliance/data-encryption-in-odb-and-spo). (You can [encrypt files by using your own key](/microsoft-365/compliance/controlling-your-data-using-customer-key) if you want.) Files are also [scanned for viruses](/office365/securitycompliance/virus-detection-in-spo). As an admin, you can use tools in Microsoft 365 to further secure and monitor files in the Microsoft cloud: -- **Data loss prevention policies**. Warn or prevent users from sharing files that have specific labels outside the organization. [See Overview of data loss prevention](/office365/securitycompliance/data-loss-prevention-policies)
+- **Microsoft Purview Data loss prevention policies**. Warn or prevent users from sharing files that have specific labels outside the organization. [See Learn about data loss prevention](/microsoft-365/compliance/dlp-learn-about-dlp)
- **Retention labels**. Classify files to be retained, permanently deleted, or marked as a record. [See Overview of retention labels](/office365/securitycompliance/labels)
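Review bot: The added bullet title "**Microsoft Purview Data loss prevention policies**" has inconsistent capitalization; other articles in this batch use "Microsoft Purview data loss prevention". The link text "[See Learn about data loss prevention]" also reads awkwardly with "See" inside the brackets; move "See" outside the link. While here, the unchanged sentence above says files are "encrypted in transit and in rest", which should read "at rest".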
SharePoint Introduction https://github.com/MicrosoftDocs/OfficeDocs-SharePoint/commits/public/SharePoint/SharePointOnline/introduction.md
If your organization has legal or other requirements that govern the handling of
|:--|:--| |How to ensure that you retain files for a specified period of time, or delete them on a specified schedule|[Overview of retention policies](/microsoft-365/compliance/retention-policies)<br><br>[OneDrive retention and deletion](/onedrive/retention-and-deletion)| |How to classify documents based on the sensitivity of the information|[Overview of sensitivity labels](/microsoft-365/compliance/sensitivity-labels)<br><br>[Enable sensitivity labels for Office files in SharePoint and OneDrive](/microsoft-365/compliance/sensitivity-labels-sharepoint-onedrive-files)|
-|How to prevent the loss or exfiltration of important data in documents emails|[Overview of data loss prevention](/microsoft-365/compliance/data-loss-prevention-policies)|
+|How to prevent the loss or exfiltration of important data in documents emails|[Learn data loss prevention](/microsoft-365/compliance/dlp-learn-about-dlp)|
|Search for in-place items such as email, documents, and instant messaging conversations|[Content Search in Microsoft 365](/microsoft-365/compliance/content-search)| If you use OneDrive in your organization and you want to protect important files by saving them to the cloud, govern how much storage space users get, or govern how users sync file, these references will help you configure your policies.
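Review bot: The new link text in the added row is "[Learn data loss prevention]", which drops "about"; every other hunk in this batch that points at `/microsoft-365/compliance/dlp-learn-about-dlp` uses "Learn about data loss prevention". The first cell of the same row, "important data in documents emails", is also missing a conjunction ("documents and emails") and could be fixed in the same edit.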
SharePoint Manage Loop Components https://github.com/MicrosoftDocs/OfficeDocs-SharePoint/commits/public/SharePoint/SharePointOnline/manage-loop-components.md
You'll need the latest version of SharePoint PowerShell module to enable or disa
|Experience|SharePoint organization properties|Notes| |:|:|:-|
-|**All Microsoft 365 experiences** powered by Fluid Framework|`IsFluidEnabled` (boolean)|This core property controls all other experiences powered by Fluid Framework. Setting it to `False` will effectively disable all experiences (everything in this table) in the organization powered by Fluid Framework.|
-|Loop components in Teams|n/a|There is no setting for disabling only Loop components in Teams at this time, you must use the core property above.|
-|Microsoft Whiteboard on OneDrive|`IsWBFluidEnabled` (boolean) |Only applies when `IsFluidEnabled` is `True`|
-|Microsoft OneNote collaborative Meeting notes|`IsCollabMeetingNotesEnabled` (boolean)|Only applies when `IsFluidEnabled` is `True`|
+|Loop components in Teams and Outlook|`IsLoopEnabled` (boolean)<br/>**coming May 2022**|This property controls Loop experiences across the Microsoft 365 experience. Only applies when `IsFluidEnabled` is `True`|
+|Microsoft Whiteboard on OneDrive|`IsWBFluidEnabled` (boolean) |This property controls Microsoft Whiteboard on OneDrive. Only applies when `IsFluidEnabled` is `True`|
+|Microsoft OneNote collaborative Meeting notes|`IsCollabMeetingNotesEnabled` (boolean)|This property controls Microsoft OneNote collaborative Meeting notes. Only applies when `IsFluidEnabled` is `True`|
+|**All Microsoft 365 experiences** powered by Fluid Framework.|`IsFluidEnabled` (boolean)|This core property controls all other experiences powered by Fluid Framework. Setting it to `False` will effectively disable all experiences (everything in this table) in the organization powered by Fluid Framework. Do not use after May - this setting will be deprecated later this year.
To check your tenant's default file permissions 1. Go to the [Microsoft 365 admin center](https://admin.microsoft.com).
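Review bot: The relocated `IsFluidEnabled` row now says "Do not use after May - this setting will be deprecated later this year", yet the three rows above it each still say "Only applies when `IsFluidEnabled` is `True`", so the table tells admins both to depend on the property and to stop using it. State the year, and say what happens to tenants that already have `IsFluidEnabled` set to `False` once it is deprecated. Also, `IsLoopEnabled` is marked "coming May 2022" while the removed row documented that the core property was the only way to turn off Loop components in Teams; keep that interim guidance until the new property ships. The added `IsFluidEnabled` row is missing its closing `|`, unlike the other rows.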
SharePoint Safeguarding Your Data https://github.com/MicrosoftDocs/OfficeDocs-SharePoint/commits/public/SharePoint/SharePointOnline/safeguarding-your-data.md
You control your data. When you put your data in SharePoint and OneDrive for Mic
Microsoft engineers administer SharePoint and OneDrive using a PowerShell console that requires two-factor authentication. We perform day-to-day tasks by running workflows so we can rapidly respond to new situations. Check-ins to the service require code review and management approval.
-No engineer has standing access to the service. When engineers need access, they must request it. Eligibility is checked, and if engineer access is approved, it's only for a limited time. In rare cases where Microsoft engineers need access to content (for example, if you submit a support ticket because a user can't access an important file that we believe is damaged), the engineers must check in a specific workflow that requires business justification and manager approval. An audit event is generated that you can view in the Microsoft 365 admin center. You can also turn on a feature called Customer Lockbox, so you need to approve the request. The engineer gets access only to the file in question. To learn how to turn on or off Customer Lockbox and approve and deny requests, see [Microsoft 365 Customer Lockbox Requests](/office365/admin/manage/customer-lockbox-requests).
+No engineer has standing access to the service. When engineers need access, they must request it. Eligibility is checked, and if engineer access is approved, it's only for a limited time. In rare cases where Microsoft engineers need access to content (for example, if you submit a support ticket because a user can't access an important file that we believe is damaged), the engineers must check in a specific workflow that requires business justification and manager approval. An audit event is generated that you can view in the Microsoft 365 admin center. You can also turn on a feature called Customer Lockbox, so you need to approve the request. The engineer gets access only to the file in question. To learn how to turn on or off Customer Lockbox and approve and deny requests, see [Microsoft Purview Customer Lockbox Requests](/office365/admin/manage/customer-lockbox-requests).
## How you can safeguard your data
-
+ One of the most important things you can do to safeguard your data is to require two-factor authentication for your identities in Microsoft 365. This prevents credentials from being used without a second factor and mitigates the impact of compromised passwords. The second factor can be made through a phone call, text message, or app. When you roll out two-factor authentication, start with your global admins, and then other admins and site collection admins. For info about how to do this, see [Set up multi-factor authentication for Microsoft 365 users](/office365/admin/security-and-compliance/set-up-multi-factor-authentication). Other things we recommend to increase security: - Use Azure Active Directory device-based conditional access to block or limit access on unmanaged devices like airport or hotel kiosks. See [Control access from unmanaged devices](control-access-from-unmanaged-devices.md).
-
+ - Create policies to sign users out of Microsoft 365 web sessions after a period of inactivity. For information, see [Sign out inactive users](sign-out-inactive-users.md).
-
+ - Evaluate the need for IP-based sessions. These simulate the access model of an on-premises deployment. Read more at [Control access based on network location or app](/onedrive/control-access-based-on-network-location-or-app).
-
+ - Empower workers to share broadly but safely. You can require sign-in or use links that expire or grant limited privileges. See [Manage external sharing for your SharePoint environment](external-sharing-overview.md). -- Prevent accidental exposure of sensitive content. Create DLP policies to identify documents and prevent them from being shared. See [Overview of data loss prevention policies](/office365/securitycompliance/data-loss-prevention-policies).
+- Prevent accidental exposure of sensitive content. Create DLP policies to identify documents and prevent them from being shared. See [Learn about data loss prevention](/microsoft-365/compliance/dlp-learn-about-dlp).
## Protected in transit and at rest
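Review bot: In the Customer Lockbox sentence the link text changes to "Microsoft Purview Customer Lockbox Requests" but the target remains `/office365/admin/manage/customer-lockbox-requests`, and the MFA link in the following paragraph still uses `/office365/admin/security-and-compliance/...`, while the DLP bullet in this same hunk was moved to a `/microsoft-365/compliance/` path. Confirm the old `/office365/` targets still resolve to articles with the new titles, or update them together. The added list lines also gain a leading space before the `- ` bullet markers; check that the list still renders as intended.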
When data transits into the service from clients, and between datacenters, it's
**Application security**: Engineers who build features follow the security development lifecycle. Automated and manual analyses help identify possible vulnerabilities. The Microsoft security response center ([Microsoft Security Response Center](https://www.microsoft.com/msrc?rtc=1)) helps triage incoming vulnerability reports and evaluate mitigations. Through the Microsoft Cloud Bug Bounty, people across the world can earn money by reporting vulnerabilities. Read more about this at [Microsoft Cloud Bug Bounty Terms](https://www.microsoft.com/msrc/bounty-microsoft-cloud?rtc=1 ).
- **Content protection**: Your data is encrypted at the disk level using BitLocker encryption and at the file level using keys. For info, see [Data Encryption in OneDrive and SharePoint](/office365/securitycompliance/data-encryption-in-odb-and-spo). For information about using Customer Key to provide and control the keys that are used to encrypt your data at rest in Microsoft 365, see [Service encryption with Customer Key for Microsoft 365 FAQ](/office365/securitycompliance/service-encryption-with-customer-key-faq).
+ **Content protection**: Your data is encrypted at the disk level using BitLocker encryption and at the file level using keys. For info, see [Data Encryption in OneDrive and SharePoint](/office365/securitycompliance/data-encryption-in-odb-and-spo). For information about using Customer Key to provide and control the keys that are used to encrypt your data at rest in Microsoft 365, see [Service encryption with Microsoft Purview Customer Key FAQ](/office365/securitycompliance/service-encryption-with-customer-key-faq).
The Microsoft 365 anti-malware engine scans documents at upload time for content matching an AV signature (updated hourly). For info, see [Virus detection in SharePoint](/office365/securitycompliance/virus-detection-in-spo). For more advanced protection, use Microsoft 365 Advanced Threat Protection (ATP). ATP analyzes content that's shared and applies threat intelligence and analysis to identify sophisticated threats. For info, see [Microsoft 365 Advanced Threat Protection](/office365/securitycompliance/office-365-atp).
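Review bot: The **Content protection** line renames the link text to "Service encryption with Microsoft Purview Customer Key FAQ" but leaves the target at `/office365/securitycompliance/service-encryption-with-customer-key-faq`; verify the title of the target matches. Two issues in the unchanged **Application security** line above are worth fixing in the same change: "The Microsoft security response center ([Microsoft Security Response Center](...))" repeats the name, and the Bug Bounty URL has a stray space before the closing parenthesis (`?rtc=1 )`).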
SharePoint Sensitive By Default https://github.com/MicrosoftDocs/OfficeDocs-SharePoint/commits/public/SharePoint/SharePointOnline/sensitive-by-default.md
description: "Learn how to block external sharing of newly added files."
# Mark new files as sensitive by default
-When new files are added to SharePoint or OneDrive in Microsoft 365, it takes a while for them to be crawled and indexed. It takes time for the [Office Data Loss Prevention (DLP) policy](/microsoft-365/compliance/data-loss-prevention-policies) to scan the content and apply rules to help protect sensitive content. If external sharing is turned on, sensitive content could be shared and accessed by guests before the Office DLP rule finishes processing.
+When new files are added to SharePoint or OneDrive in Microsoft 365, it takes a while for them to be crawled and indexed. It takes time for the [Microsoft Purview Data Loss Prevention (DLP) policy](/microsoft-365/compliance/dlp-learn-about-dlp) to scan the content and apply rules to help protect sensitive content. If external sharing is turned on, sensitive content could be shared and accessed by guests before the Office DLP rule finishes processing.
Instead of turning off external sharing entirely, you can address this issue by using a PowerShell cmdlet to block external access to new content. However, this doesn't work if external sharing is explicitly authorized in a DLP rule and the lack of sensitive content that goes against the policy rules has been verified. The setting enabled by this cmdlet prevents external users from accessing newly added files until at least one Office DLP policy scans the content and determines that the document doesn't contain any sensitive information that's against the rules defined in the policy. If the file has been indexed and scanned and it has no sensitive content that's against the rules in the DLP policy, then guests can access the file. If the policy identifies sensitive content in the document, or if there's no DLP rule explicitly authorizing access to the file, then guests won't be able to access the file, and they'll receive the following access denied error message: "This file is being scanned right now. Please try again in a few minutes. If you still don't have access, contact the file owner."
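Review bot: The added paragraph renames the policy to "Microsoft Purview Data Loss Prevention (DLP) policy" at the start but still ends with "before the Office DLP rule finishes processing", and the unchanged paragraph below keeps "at least one Office DLP policy scans the content". Use one name throughout; this article describes a window in which guests could reach unscanned files, so the reader should not have to wonder whether "Office DLP" and "Microsoft Purview DLP" are different scanners.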